| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <570ce61a-00ca-446f-ae89-7ab7c340828f@ghiti.fr> Date: Tue, 6 May 2025 18:31:41 +0200 From: Alexandre Ghiti <alex@...ti.fr> To: Nam Cao <namcao@...utronix.de> Cc: Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, Samuel Holland <samuel.holland@...ive.com>, linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL On 05/05/2025 21:27, Alexandre Ghiti wrote: > On 05/05/2025 18:07, Nam Cao wrote: >> Hi Alex, >> >> On Mon, May 05, 2025 at 06:02:26PM +0200, Alexandre Ghiti wrote: >>> On 04/05/2025 12:19, Nam Cao wrote: >>>> When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not >>>> available, the kernel crashes: >>>> >>>> Oops - illegal instruction [#1] >>>> [snip] >>>> epc : set_tagged_addr_ctrl+0x112/0x15a >>>> ra : set_tagged_addr_ctrl+0x74/0x15a >>>> epc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10 >>>> [snip] >>>> status: 0000000200000120 badaddr: 0000000010a79073 cause: >>>> 0000000000000002 >>>> set_tagged_addr_ctrl+0x112/0x15a >>>> __riscv_sys_prctl+0x352/0x73c >>>> do_trap_ecall_u+0x17c/0x20c >>>> andle_exception+0x150/0x15c >>> >>> It seems like the csr write is triggering this illegal instruction, >>> can you >>> confirm it is? >> Yes, it is the "csr_write(CSR_ENVCFG, envcfg);" in envcfg_update_bits(). >> >>> If so, I can't find in the specification that an implementation >>> should do >>> that when writing envcfg and I can't reproduce it on qemu. Where did >>> you >>> see this oops? >> I can't find it in the spec either. I think it is up to the >> implementation. > > > The reserved fields of senvcfg are WPRI and contrary to WLRL, it does > not explicitly "permit" to raise an illegal instruction so I'd say it > is not up to the implementation, I'll ask around. So I had confirmation that WPRI should not raise an illegal instruction so that's an issue with the platform. Your patch is not wrong but I'd rather have an explicit errata, what do you think? Thanks, Alex > > Thanks, > > Alex > > >> >> I got this crash on the MangoPI board: >> https://mangopi.org/mqpro >> >> Best regards, >> Nam >> >> _______________________________________________ >> linux-riscv mailing list >> linux-riscv@...ts.infradead.org >> http://lists.infradead.org/mailman/listinfo/linux-riscv > > _______________________________________________ > linux-riscv mailing list > linux-riscv@...ts.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists